I created an EC2 instance using a bitami AMI. I created an EC2 key pair using the ec2-add-keypair utility.
When I tried ssh -i id_rsa-my-keypair bitami@<myinstance> -v
I got the following error:
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: settwo_05012012.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: id_rsa-my-keypair
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The interesting thing is that when I tried creating another instance using the same keypair with an Ubuntu AMI, I had no problem getting in. I have already ruled out a port 22 issue. I really want to use this bitami. Help would be much appreciated.
Here are a few lines from the ssh config:
cat ssh_config|grep -v "#"
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Try this: ssh -i id_rsa-my-keypair bitnami@myinstance -v
User should be bitnami not bitami.
I am trying to set up a runner script that will connect to the VM (where the application runs) via SSH. In the environment variables (CICD Config -> Variables) I store the private key (ed25519) which is used to connect to the VM server. But then the following error message occurs. Does anybody know what to do? Any suggestions for possible issues I can check to fix the problem?
Below you will find the runner script .gitlab-ci.yml and the error message that occurs.
CI-RUNNER SCRIPT
build_job:
  stage: build
  script:
    - apt-get update -y
    - apt-get install openssh-client bash
    - mkdir ~/.ssh/
    - echo "$SSH_PRIVATE_KEY_CI_RUNNER" > ~/.ssh/id_ed25519
    - echo "$SSH_KNOWN_HOST_VM" > ~/.ssh/known_hosts
    - chmod -R 600 ~/.ssh/
    - ssh -v user@host -p 2222 "ls -a"
ERROR-MESSAGE
debug1: Host '[server-address]:2222' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
user@serveradress: Permission denied (publickey,password).
ERROR: Job failed: exit code 1
For testing, try first with an SSH private key which is not passphrase protected.
That will avoid the "read_passphrase: can't open /dev/tty: No such device or address" and validate that the key is working.
This assumes the public key was published to "host" ~user/.ssh/authorized_keys, and the SSH daemon is listening on the port 2222.
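The ssh -v output quoted in the question can be read mechanically. The following is an added example, not part of the original posts: it reports which key the server actually refused, which candidate keys never drew a server reply, and whether the client fell back to a prompt with no terminal. The function names triage_ssh_log and sample_log and the output labels are made up for this example, and the sample log is constructed, modelled on the job output above.

```shell
#!/bin/sh
# Added example (not from the original posts): summarise the authentication
# phase of ssh -v output read from stdin. Labels are illustrative only.
triage_ssh_log() {
    awk '
    # A key the client is about to use; remember it until the server answers.
    /debug1: (Offering .*public|Trying private) key: / {
        if (pending != "") print "SKIPPED  " pending   # no server reply logged
        pending = $0; sub(/^.*key: /, "", pending); next
    }
    # Server reply listing the remaining methods: the pending key was refused.
    /Authentications that can continue: / {
        if (pending != "") { print "REJECTED " pending; pending = "" }
        next
    }
    # Client moved on from publickey to another method.
    /Next authentication method: / {
        method = $0; sub(/^.*method: /, "", method)
        if (method != "publickey") {
            if (pending != "") { print "SKIPPED  " pending; pending = "" }
            print "FALLBACK " method
        }
        next
    }
    # Interactive prompt attempted with no terminal (typical in CI jobs).
    /read_passphrase: can.t open \/dev\/tty/ { if (!notty++) print "NO_TTY" }
    /No more authentication methods to try/ {
        if (pending != "") { print "SKIPPED  " pending; pending = "" }
    }
    '
}

# Constructed sample, modelled on the CI job log quoted above.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
EOF
}

sample_log | triage_ssh_log
```

A REJECTED line means the key was presented and the server answered with a failure, so the next thing to check is the account name and the authorized_keys file on the server side.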
I'm trying to connect to Google Cloud ssh, but I'm not getting it, I get a denied permission error in the public key. I followed some internet tutorials and none worked.
chmod 0700 in the .ssh folder and the files inside it 0600
None of the options below worked.
ssh-add
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
authorized_keys
Error log:
debug1: Found key in /home/dev01/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs =
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dev01/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
This guide shows you how to control access to Linux instances by creating SSH keys and editing public SSH key metadata. After you've generated the SSH key using the ssh-keygen tool, you would need to add the key to your instance based or project-wide metadata. This article will help.
I have followed Jeffrey Way's instructions and I am continuously getting the same SSH error within Terminal.
I am wanting to connect through Sequel Pro and upon digging further into it, this is the most accurate log description:
debug1: Host 'IP ADDRESS' is known and matches the RSA host key.
debug1: Found key in /Users/ben/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ben/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/ben/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I generate my SSH key this way:
ssh-keygen -t rsa -C "your_email@example.com"
Then copy it into Laravel Forge by:
cat ~/.ssh/id_rsa.pub | pbcopy
It saves without error. But then I try forge@ip_address and it returns the Permission denied error, always.
Any help would be hugely appreciated.
I had the same problem following the instructions.
Try:
pbcopy < ~/.ssh/id_rsa.pub
I solved this problem by recreating the server on Forge. pbcopy also failed to work.
If you added your key from the Forge "Account" > "SSH keys" page after creating your server, you'll need to also add your key here:
Servers > [your server name] > SSH keys > Add
I'm trying to push my id_rsa.pub to server so I can ssh into it.
I've run the following command,
cat ~/.ssh/id_rsa.pub | ssh -v -p 12345 myname@123.45.67.8 'cat >> ~/.ssh/authorized_keys'
which returns the following debugging:
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 123.45.67.8 [123.45.67.8] port 12345.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_rsa type 1
debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myname/.ssh/id_dsa type -1
debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [some server host key]
debug1: Host '[123.45.67.8]:12345' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/github_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/myname/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I can't figure out what the problem is..
can anybody please help me out?
Key-based authentication will only work if the authorized_keys file has correct permissions.
Try to do a chmod 600 ~/.ssh/authorized_keys
Your command will only work if you can ssh to the server by entering a password. It also requires the dir ~/.ssh to be created on the remote server, and lastly (as Jan-Erik Revsbech points out) the permissions on the local and the remote ~/.ssh need to disallow others reading it.
If you instead use ssh-copy-id remote-server to copy your keys, then both the dir and permissions on the remote system will be set correctly. It will still require you to enter the password the first time, though.
Make sure to also set the correct owner :)
I tried ssh-copy-id remote-server as suggested by Ole and got an error like this:
Cannot write to .ssh/authorized_keys. Permission denied
The directory ~/.ssh as well as the file authorized_keys were already present on the server and set up with the right permission... but for the wrong user! Here is what solved it:
chown right-user:right-user .ssh
chown right-user:right-user .ssh/authorized_keys
I changed the owner of the file and the directory. Then ssh-copy-id worked.
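The permission and ownership checks from the answers above (700 on ~/.ssh, 600 on authorized_keys, both owned by the login user) can be run in one pass. This is an added example, not code from the original answers; the function name audit_ssh_dir and the finding labels are made up here, and the path in the usage comment is illustrative.

```shell
#!/bin/sh
# Added example (not from the original answers). audit_ssh_dir DIR UID checks
# DIR and DIR/authorized_keys: owned by UID, and no group/other permission
# bits set (i.e. 700 on the directory, 600 on the file).
# Prints one finding per line; the return status is the number of findings.
audit_ssh_dir() {
    dir=$1; want_uid=$2; findings=0
    for path in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; findings=$((findings + 1)); continue
        fi
        # GNU stat uses -c; BSD/macOS stat uses -f. Output: "<uid> <octal mode>".
        meta=$(stat -c '%u %a' "$path" 2>/dev/null) || meta=$(stat -f '%u %Lp' "$path")
        uid=${meta% *}; mode=${meta#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $path uid=$uid expected=$want_uid"
            findings=$((findings + 1))
        fi
        # The leading 0 makes the shell read the mode as octal; 077 selects
        # every group and other permission bit.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "MODE $path is $mode (group/other bits set)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: sh audit.sh /home/alice/.ssh "$(id -u alice)"   (illustrative path)
if [ "$#" -ge 1 ]; then
    audit_ssh_dir "$1" "${2:-$(id -u)}"
fi
```

Run it on the server as root or as the target user; an OWNER finding corresponds to the chown fix above and a MODE finding to the chmod fix.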
I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had the same problem. I checked the system passwd and group files, and discovered that my user and group were not present. To build these files (my user was a domain user) I needed to run two commands in the Cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits' end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command in the macOS Terminal and it worked!
ssh-copy-id me@sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me@sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.